How to set up a custom certificate for communication between FGT and FMG
Hi All,
May I know how to set up a custom certificate for communication between FGT and FMG instead of using the built-in cert? My scenario is a private CA, so currently I have tried to use FAC to sign the FGT and FMG CSRs.
I found a link https://community.fortinet.com/t5/FortiManager/Technical-Tip-Setup-custom-certificate-for-FGFM-proto...
However, I do not really understand the steps. Could anyone elaborate on them below? Thanks
Example:
FortiManager side:
# config system global
set fgfm-ca-cert "RootCA" <----- May I know, is this the Root CA exported from FAC?
set fgfm-local-cert "cert_fmg" <--- May I know, is this local cert a CSR signed by FAC?
end
FortiGate side:
# config system central-management
set local-cert "cert_fgt" <--- May I know, is this local cert a CSR signed by FAC?
set ca-cert "RootCA" <---- May I know, is this the Root CA exported from FAC?
end
Hello ck8882
Please review the link below; the scenario should be the same:
https://community.fortinet.com/t5/FortiAuthenticator/Technical-Tip-How-to-replace-default-SSLVPN-cer...
In this case the FGT is the web server and the FMG is the client.
On the web server you have to generate a CSR signed by the Root CA, in this case FAC, and then you need to install the cert signed by the FAC into the FGT.
On the other hand, the client FMG should have the Root CA installed in order to validate the FGT server certificate.
BR
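
The signing and validation relationship discussed in this thread can be checked on a workstation before anything is imported into the devices. This is an added example, not part of the original posts or of Fortinet's documentation: a throwaway OpenSSL CA stands in for the FAC, the names RootCA, cert_fgt and cert_fmg are reused from the question, and the subject names, OtherCA and cert_stray are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. The CA is a throwaway OpenSSL CA standing in for the FAC;
# subject names and file layout are constructed for illustration.
set -eu

make_ca() {      # $1 = workdir, $2 = CA name
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

issue_cert() {   # $1 = workdir, $2 = cert name, $3 = signing CA name
  # Key and CSR are generated on the device side; only the CSR goes to the CA.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2.example.internal" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$3.crt" -CAkey "$1/$3.key" \
    -CAcreateserial -days 30 -out "$1/$2.crt" 2>/dev/null
}

chains_to() {    # $1 = CA cert, $2 = signed cert; succeeds only if $2 verifies under $1
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

key_matches() {  # $1 = cert, $2 = private key; succeeds if they are the same key pair
  [ "$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)" = \
    "$(openssl pkey -in "$2" -pubout 2>/dev/null | openssl sha256)" ]
}

W=$(mktemp -d)
trap 'rm -rf "$W"' EXIT
make_ca "$W" RootCA
make_ca "$W" OtherCA                 # a second, unrelated CA for the failure case
issue_cert "$W" cert_fgt RootCA
issue_cert "$W" cert_fmg RootCA
issue_cert "$W" cert_stray OtherCA   # signed by the wrong CA

for c in cert_fgt cert_fmg cert_stray; do
  if chains_to "$W/RootCA.crt" "$W/$c.crt"; then r="chains to RootCA"; else r="does NOT chain to RootCA"; fi
  if key_matches "$W/$c.crt" "$W/$c.key"; then k="key matches"; else k="key MISMATCH"; fi
  echo "$c: $r, $k"
done
```

With real files, `chains_to` and `key_matches` can be pointed at the Root CA certificate exported from the CA and at each signed certificate and its key, so a wrong-CA or wrong-key import is caught before the devices are reconfigured.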